Bug 1076200 (CVE-2018-5703) - VUL-0: CVE-2018-5703: kernel-source: The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel through 4.14.11 allows attackers to cause a denial of service (slab out-of-bounds write) or possibly have unspecified other im
Summary: VUL-0: CVE-2018-5703: kernel-source: The tcp_v6_syn_recv_sock function in net...
Status: RESOLVED FIXED
Alias: CVE-2018-5703
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/198321/
Whiteboard: CVSSv3:SUSE:CVE-2018-5703:7.7:(AV:N/...
Keywords:
Depends on:
Blocks:
 
Reported: 2018-01-16 14:18 UTC by Marcus Meissner
Modified: 2024-07-04 09:15 UTC

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Description Marcus Meissner 2018-01-16 14:18:06 UTC
CVE-2018-5703

The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel
through 4.14.11 allows attackers to cause a denial of service (slab
out-of-bounds write) or possibly have unspecified other impact via vectors
involving TLS.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5703
https://groups.google.com/d/msg/syzkaller-bugs/0PBeVnSzfqQ/5eXAlM46BQAJ
Comment 1 Marcus Meissner 2018-01-16 14:27:55 UTC
can't make sense of affectedness.

the syzkaller bug references https://patchwork.ozlabs.org/patch/801530/ 
which might be related or not.
Comment 2 Michal Kubeček 2018-01-17 09:23:38 UTC
TLS support, including the TCP_ULP socket option, was added in 4.13-rc1 and we do
not have it backported in any older branches (not even SLE15 / openSUSE-15.0).

The patch referenced in commit 1 should indeed address this issue but it hasn't
been resubmitted since v3 was rejected because it enforced building IPv6 into
the kernel image whenever CONFIG_TLS was enabled (even as a module):

  https://patchwork.ozlabs.org/cover/809582/

In the meantime, relevant code has been changed by commit

  6d88207fcfdd  tls: Add function to update the TLS socket configuration

which contains part of the original patch (but doesn't address this issue,
AFAICS) so that the patch will need to be adjusted.

As only the stable branch (i.e. Tumbleweed) is affected, I suggest waiting a few
days to see if there is progress upstream.
Comment 3 Marcus Meissner 2018-08-29 08:54:56 UTC
can be considered fixed